<%@taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>在此处插入标题</title>
</head>
<body>
<%
  int age=13;// XSS攻击
  request.setAttribute("age", age);
  String s="<script>alert(1);</script>";
  request.setAttribute("s2", s);
  	String []ar={"戴一飞","朱峰","蒋成燕","夏晓芳"};
 request.setAttribute("ar", ar);
 	
 %>
  <c:out value="${s2}" escapeXml="false"></c:out>
  <br/>
 <c:out value="${age}"></c:out>
 <hr size="30" color="red"/>
 ${s2}
<hr size="30" color="red"/>
<c:if test="${age>=18}">
 成年人
</c:if>
<c:if test="${age<18}">
未成年人
</c:if>
<hr size="30" color="red"/>

<c:forEach items="${ar}" var="r" varStatus="s" >
  ${s.count}:${r}<br>
</c:forEach>
</body>
</html>